alkomex.com
23.229.174.0
Malicious Activity!
Public Scan
Submission: On August 27 via automatic, source openphish — Scanned from DE
Summary
This is the only time alkomex.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)
Domain & IP information
Count | IP Address | AS Autonomous System |
---|---|---|
1 | 23.229.174.0 | 26496 (AS-26496-GO-DADDY-COM-LLC) |
7 | 2a00:86c0:2091::1 | 40027 (NETFLIX-ASN) |
2 3 | 84.53.161.35 | 20940 (AKAMAI-ASN1) |
2 | 2a02:26f0:dc::217:61e8 | 20940 (AKAMAI-ASN1) |
11 | 4 | |
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-23-229-174-0.ip.secureserver.net
alkomex.com
ASN20940 (AKAMAI-ASN1, NL)
PTR: a84-53-161-35.deploy.static.akamaitechnologies.com
img1.wsimg.com
img6.wsimg.com
Count | Apex Domain: Subdomains | Transfer |
---|---|---|
7 | nflxext.com: codex.nflxext.com — Cisco Umbrella Rank: 211297; assets.nflxext.com — Cisco Umbrella Rank: 4358 | 155 KB |
3 | wsimg.com (2 redirects): img1.wsimg.com — Cisco Umbrella Rank: 8991; img6.wsimg.com — Cisco Umbrella Rank: 11047 | 12 KB |
2 | secureserver.net: events.api.secureserver.net — Cisco Umbrella Rank: 12049 | 574 B |
1 | alkomex.com: alkomex.com | 9 KB |
11 | 4 | |
Count | Domain | Requested by |
---|---|---|
5 | assets.nflxext.com | alkomex.com, codex.nflxext.com |
2 | events.api.secureserver.net | img1.wsimg.com |
2 | img1.wsimg.com | 2 redirects |
2 | codex.nflxext.com | alkomex.com |
1 | img6.wsimg.com | alkomex.com |
1 | alkomex.com | |
11 | 6 | |
This site contains links to these domains. Also see Links.
Domain |
---|
help.netflix.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
*.1.nflxso.net | DigiCert TLS RSA SHA256 2020 CA1 | 2022-08-20 - 2022-09-25 | a month | crt.sh |
*.api.secureserver.net | Starfield Secure Certificate Authority - G2 | 2022-08-05 - 2023-09-06 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://alkomex.com/3681239825447232936647796172414292117611&33493868464595404825108889082968436455285929280&nicksanchez1982@icloud.com.html
Frame ID: 3CA59071ADA108CBB80BC27EAAAC8110
Requests: 11 HTTP requests in this frame
5 Outgoing links
These are links going to different origins than the main page.
Title: Terms of Use
Title: Privacy Statement
Title: FAQ
Title: Help Center
Title: Corporate Information
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5
- https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js HTTP 302
- https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 302
- https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
11 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | Primary Request 3681239825447232936647796172414292117611&33493868464595404825108889082968436455285929280&nicksanchez1982@icloud.com.html alkomex.com/ | 117 KB 9 KB | Document text/html |
GET H/1.1 | none codex.nflxext.com/%5E3.0.0/truthBundle/webui/1.22.5-shakti-css-v949d2797/css/css/less%7Ccore%7Cerror-page.less/1/amrou4tsneq/none/true/ | 11 KB 3 KB | Stylesheet text/css |
GET H/1.1 | none codex.nflxext.com/%5E3.0.0/truthBundle/webui/1.22.5-shakti-css-v949d2797/css/css/less%7Cpages%7Csignup%7Csimplicity%7Csimplicity.less/1/amrou4tsneq/none/true/ | 229 KB 39 KB | Stylesheet text/css |
GET H/1.1 | visa-v3.svg assets.nflxext.com/ffe/siteui/acquisition/payment/svg/ | 1 KB 1 KB | Image image/svg+xml |
GET H/1.1 | mastercard-v2.svg assets.nflxext.com/ffe/siteui/acquisition/payment/svg/ | 3 KB 3 KB | Image image/svg+xml |
GET H/1.1 | amex-v2.svg assets.nflxext.com/ffe/siteui/acquisition/payment/svg/ | 3 KB 3 KB | Image image/svg+xml |
GET H2 | tccl.min.js img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/ Redirect Chain | 44 KB 11 KB | Script application/javascript |
GET H/1.1 | NetflixSans_W_Rg.woff2 assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ | 52 KB 52 KB | Font font/woff2 |
GET H/1.1 | NetflixSans_W_Md.woff2 assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ | 53 KB 53 KB | Font font/woff2 |
GET H2 | event events.api.secureserver.net/t/1/tl/ | 43 B 287 B | XHR image/gif |
GET H2 | event events.api.secureserver.net/t/1/tl/ | 43 B 287 B | XHR image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)
15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
object| navigation
function| handleCountryChange
function| validForm
function| updateAccount
object| _trfd
boolean| _tcclPageReqFired
object| _tcclInternal
object| _expDataLayer
object| _trfq
object| tccl2
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.alkomex.com/ | | Name: _tccl_visitor Value: bf92fca1-52be-5fa0-a941-3957d27cfc7f |
.alkomex.com/ | | Name: _tccl_visit Value: bf92fca1-52be-5fa0-a941-3957d27cfc7f |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.